On 21/08/16 at 15:14, Toralf Förster wrote:
> Hi,
> 
> I made the following steps to have /var/lib/tor encrypted under an ext4fs 
> under a stable Gentoo Linux:
> 
> at a local system:
>       head -c 16 /dev/random | xxd -p > ~/tmp-salt.txt; echo 0x`cat ~/tmp-salt.txt` > ~/.cryptoSalt; rm ~/tmp-salt.txt
>       picked up a password from: pwgen -s 16
>       open the remote directory: scp ~/.crypto{Pass,Salt} user@host:home; ssh user@host 'cat ~/.cryptoPass | sudo e4crypt add_key -S $(cat ~/.cryptoSalt) /var/lib/tor; rm ~/.crypto{Pass,Salt}'
> 
> 
> debug.log tells me:
> 
> ...
> Aug 21 15:09:23.817 [notice] Opening Directory listener on [2a01:4f8:190:514a::2]:80
> Aug 21 15:09:23.000 [warn] Your log may contain sensitive information - you're logging more than "notice". Don't log unless it serves an important reason. Overwrite the log afterwards.
> Aug 21 15:09:23.000 [debug] tor_disable_debugger_attach(): Attemping to disable debugger attachment to Tor for unprivileged users.
> Aug 21 15:09:23.000 [debug] tor_disable_debugger_attach(): Debugger attachment disabled for unprivileged users.
> Aug 21 15:09:23.000 [info] tor_lockfile_lock(): Locking "/var/lib/tor/data/lock"
> Aug 21 15:09:23.000 [warn] Couldn't open "/var/lib/tor/data/lock" for locking: Operation not permitted
> Aug 21 15:09:23.000 [err] set_options(): Bug: Acting on config options left us in a broken state. Dying. (on Tor 0.2.8.6 )
> 
> and indeed :
> 
> 
> # ls -alR /var/lib/tor/
> /var/lib/tor/:
> total 12
> drwxr-xr-x  3 tor  tor  4096 Aug 21 15:09 .
> drwxr-xr-x 14 root root 4096 Aug 21 03:10 ..
> drwx------  2 tor  tor  4096 Aug 21 15:09 data
> -rw-r--r--  1 root root    0 Aug 19 14:47 .keep_net-misc_tor-0
> 
> /var/lib/tor/data:
> total 8
> drwx------ 2 tor tor 4096 Aug 21 15:09 .
> drwxr-xr-x 3 tor tor 4096 Aug 21 15:09 ..
> 
> 
> 
> Any hints ?


Those permissions look fine. Do you have selinux enabled? Did this work
prior to adding encryption, or could that be a red herring? Can you see
what it fails on with strace? Is tor actually running as the 'tor' user?
Do you have any special security configuration like sandboxing set up?

Tom
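
The strace check suggested above, as an added example that is not part of the original thread: a shell helper that reduces a saved strace log to the failed syscalls touching a given path, so the call behind "Operation not permitted" and its errno stand out. The function names are hypothetical and the trace lines are constructed sample input.

```shell
#!/bin/sh
# Added example, not from the thread. Capture a trace as root with, e.g.:
#   strace -f -u tor -o /tmp/tor.strace tor
# then run:  failed_calls /var/lib/tor < /tmp/tor.strace

# failed_calls PATH_PREFIX
# Reads strace output on stdin and prints "syscall errno path" for every
# call that returned -1 and whose arguments mention PATH_PREFIX.
failed_calls() {
    awk -v p="$1" '
    / = -1 E[A-Z0-9]+ / && index($0, "\"" p) {
        line = $0
        sub(/^[0-9]+ +/, "", line)            # PID column from "strace -f -o"
        sub(/^\[pid +[0-9]+\] /, "", line)    # PID tag from plain "strace -f"
        call = line; sub(/\(.*/, "", call)    # syscall name
        err = line;  sub(/.* = -1 /, "", err); sub(/ .*/, "", err)  # errno
        path = substr(line, index(line, "\"" p) + 1)
        sub(/".*/, "", path)                  # cut at the closing quote
        print call, err, path
    }'
}

# Constructed sample input (not captured from the reporter's system).
sample_trace() {
    cat <<'EOF'
1201 open("/etc/tor/torrc", O_RDONLY) = 3
1201 stat("/var/lib/tor/data", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
1201 access("/var/lib/tor/data/state", F_OK) = -1 ENOENT (No such file or directory)
1201 open("/var/lib/tor/data/lock", O_RDWR|O_CREAT, 0600) = -1 EPERM (Operation not permitted)
1201 write(2, "Couldn't open lock\n", 19) = 19
EOF
}

sample_trace | failed_calls /var/lib/tor
```
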
_______________________________________________
tor-relays mailing list
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays